Businesses that manage security risks effectively have higher possibilities of cementing their market stature, thereby boosting growth and edge over competing market entities. COVID-19 unleashed cyber threats in higher sophistication and volume, making it a critical enterprise-wide risk. According to a Cisco study, since the start of COVID-19, 73% of Indian organizations experienced an over 25% jump in cyber threats. Prior to that, in 2018 India witnessed the largest data breach in the world due to lax cybersecurity protocols, resulting in a breach of records of more than 1.1 billion citizens (Global Risk Report 2019-World Economic Forum).
With technological prowess, agility, and innovation being a non-negotiable bedrock for any successful business, organizations must proactively reassess security strategies. A cybersecurity roadmap will empower them to build resilience in the 'new normal,' to meet the needs of their customers, employees, and suppliers.
One of the methods suggested within India's Cybersecurity Policy in 2013 was to ‘encourage all organizations, private and public, to designate a member of senior management, as CISO, responsible for cybersecurity efforts and initiatives.’ Eight years ago, the need for a dedicated C-Suite leader was anticipated, along with an infrastructure to improve a company's overall cyber ecosystem. With responsibilities stretching from the boardroom to data centers, CISOs in the 'new normal' will be supervising security technologies, designing and implementing standards and controls, monitoring ongoing risks, and responding effectively to cyber incidents. CISOs need to nurture an ecosystem that gives impetus to their organization's sustenance and growth.
The pandemic has had a long-lasting impact on the cyber landscape with Work-from-Home scenarios, and; protecting people and assets against impending threats is significant:
- Ransomware will be the most significant financial risk to enterprises and the Government. It caused US$1 billion in economic damage globally in 2020, a figure slated to be higher, as often such incidents are unreported. Organized cybercrime groups are likely to steal data, making data breach a dual-priority for CISOs, having to deal with data recovery and the negative attention.
- Reported insider threat cases accounting for 30% of breaches and other security incidents in 2020 are likely to continue due to limited access controls and the inability to detect unusual activity when the attacker is already in the security network.
- 'Deepfakes,' fake audio/video content is used to create targeted content for manipulating opinions, for example, the stock market. The unease around this phenomenon will continue to grow in 2021, making the job of cyber forensics more difficult.
- While 5G commercial rollouts in 2021 will unlock tremendous potential across verticals, it could expose vulnerabilities of a hyper-connected environment, leading to online fraud, data breach, identity theft, and ransomware attacks. IoT devices experience an average of 5,200 attacks per month. There could also be a severe threat to the Internet of Medical Things (IoMT) that could become a vital health crisis.
CISOs in India need to create a robust cybersecurity ecosystem with a concerted effort aggressively by:
- Considering cybersecurity as an integral part of organizational culture. According to Cisco's Future of Secure Remote Work Report 2020, 55% of Indian organizations believe that a lack of employee awareness is a challenge in reinforcing cybersecurity protocols for remote working. CISOs should implement a Crisis Response Incident Plan (CRIP), establishing response plans for cybersecurity incidents, and document employee responsibilities, communication channels, and disclosure requirements. Sensitizing the workforce about cyberthreats and cybersecurity measures should be a priority of the Human Resources division, for example, via mock drills.
- Adopting more zero-trust approaches for protecting data/identities and improving overall corporate cybersecurity. Deperimeterization of the corporate network will take place in 2021. A hybrid cloud environment that connects a mix of public cloud, private cloud, and on-premises IT infrastructure could be an option to meet various organization needs.
- Driving convergence across security solutions capable of integrating multiple services on a single platform will be critical. Investing in emerging threat detection and response solutions for such automation, monitoring, collection, correlation of data collated from multiple security tools, and incident-response capabilities will prioritize. Additionally, the amount of time IT/Network Security teams spent on management tasks will be lessened, thereby reducing costs.
- Machine Learning and Artificial Intelligence could enhance security of 5G networks and prevent attacks and frauds by recognizing user patterns through automated algorithms and tagging certain events- preventing similar future attacks. Combining software-defined network (SDN) and cloud security with 5G could be an essential part of the security strategy.
Overall, India aims to have a comprehensive data protection framework in place. The National Cyber Security Strategy 2020 (to be released) envisages securing business data to enhance cybersecurity of Government, Corporates and Citizens alike.